
<!DOCTYPE html
  PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
   
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="DC.Type" content="topic">
<meta name="DC.Title" content="LDAP">
<meta name="product" content="">
<meta name="prodname" content="">
<meta name="version" content="">
<meta name="brand" content="Online_help_nwh">
<meta name="DC.Publisher" content="20240726">
<meta name="DC.Format" content="XHTML">
<meta name="DC.Identifier" content="EN-US_TOPIC_0000001206636940">
<meta name="DC.Language" content="en-us">
<link rel="stylesheet" type="text/css" href="public_sys-resources/commonltr.css">
<title>LDAP</title>
</head>
<body style="clear:both; padding-left:10px; padding-top:5px; padding-right:5px; padding-bottom:5px"><a name="EN-US_TOPIC_0000001206636940"></a><a name="EN-US_TOPIC_0000001206636940"></a>

<h1 class="topictitle1">LDAP</h1>
<div><div class="section" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_section17777133731219"><h4 class="sectiontitle">Function Description</h4><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p7790313512">The <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_b107933125120">LDAP</strong> page allows you to view and configure Lightweight Directory Access Protocol (LDAP) user information.</p>
<p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p479235518">The <span id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_ph3922183010205">BMC</span> provides an access function for LDAP users. An LDAP user can log in to the <span id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_ph1663981012263">BMC</span> WebUI or use an SSH tool to log in to the <span id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_ph161798135264">BMC</span> CLI. Using a domain user account to access the <span id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_ph16746115122614">BMC</span> improves system security.</p>
<div class="note" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_note1431284894715"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p7532111115117">On the LDAP server, <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_b20532141155118">DisplayName</strong> and <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_b453220113518">CN</strong> must be the same.</p>
</div></div>
<p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p12177123611303">The <span id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_ph43411181263">BMC</span> supports a maximum of six domain servers.</p>
<p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p148904245519">During the login to the <span id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_ph1912142011261">BMC</span> WebUI, the domain server can be manually specified or automatically searched. During the login to the <span id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_ph128531223122616">BMC</span> CLI, the domain server is automatically searched.</p>
<div class="note" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_note12828724145114"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p16890424145119">The <span id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_ph1140298261">BMC</span> supports Windows Active Directory (AD) and Linux OpenLDAP.</p>
</div></div>
</div>
<div class="section" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_section9174173121312"><h4 class="sectiontitle">Parameter Description</h4>
<div class="tablenoborder"><a name="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_table2175183121311"></a><a name="en-us_topic_0000001251229037_en-us_topic_0152871986_table2175183121311"></a><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_table2175183121311" frame="border" border="1" rules="all"><caption><b>Table 1 </b>LDAP</caption><thead align="left"><tr id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_row1258610351312"><th align="left" class="cellrowborder" valign="top" width="22.35%" id="mcps1.3.2.2.2.3.1.1"><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p831755919312">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="77.64999999999999%" id="mcps1.3.2.2.2.3.1.2"><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p11317185915314">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_row133346270189"><td class="cellrowborder" valign="top" width="22.35%" headers="mcps1.3.2.2.2.3.1.1 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p8335172741819">LDAP</p>
</td>
<td class="cellrowborder" valign="top" width="77.64999999999999%" headers="mcps1.3.2.2.2.3.1.2 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p64201416105517">The LDAP function enables domain users to access the <span id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_ph85814349263">BMC</span>.</p>
<p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_p1551135416220">It is disabled by default.</p>
<div class="note" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_note17341205917179"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_en-us_topic_0154046418_p2045105311162"><span id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_en-us_topic_0154046418_ph101861656181811"><span id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_en-us_topic_0154046418_ph181085012106">The security policies (password complexity check, password validity period, minimum password age, previous passwords disallowed, inactive time limit, and user lockout policy) configured on the authentication server apply to the LDAP users attempting to log in to the <span id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_ph202993375263">BMC</span>.</span></span></p>
</div></div>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_row162621825131913"><td class="cellrowborder" colspan="2" valign="top" headers="mcps1.3.2.2.2.3.1.1 mcps1.3.2.2.2.3.1.2 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p1595912595557">Controller 1</p>
<p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p1395919593553">The <span id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_ph79943396269">BMC</span> supports a maximum of six domain controllers (servers). When a user attempts to log in to <span id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_ph195540434267">BMC</span> WebUI through LDAP, the user can select the domain controller or <span class="uicontrol" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_uicontrol13120130103518"><b>Automatic matching</b></span>.</p>
<p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p1959105917551">Controllers 1 to 6 have the same parameters.</p>
<div class="note" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_note6911659185513"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p497311593550">Parameters with asterisks (*) are mandatory.</p>
</div></div>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_row185861332132"><td class="cellrowborder" colspan="2" valign="top" headers="mcps1.3.2.2.2.3.1.1 mcps1.3.2.2.2.3.1.2 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p154551311132018">Basic Settings</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_row20587143131310"><td class="cellrowborder" valign="top" width="22.35%" headers="mcps1.3.2.2.2.3.1.1 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p72671950191814">LDAP Server Address</p>
</td>
<td class="cellrowborder" valign="top" width="77.64999999999999%" headers="mcps1.3.2.2.2.3.1.2 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p026775013181">LDAP server IP address.</p>
<p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p2023993316167">Format: an IPv4 or IPv6 address or a domain name</p>
<p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p1928311501183">After certificate verification is enabled, set this parameter to the LDAP server FQDN (<em id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_i1928365091812">Host name</em>.<em id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_i92831050131817">Domain name</em>), and configure DNS address information on the <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_b128385061815">Network</strong> page.</p>
<div class="note" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_note923612513618"><span class="notetitle"> NOTE: </span><div class="notebody"><div class="p" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p12791125213616">The domain name must meet the following requirements:<ul id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_ul879118521763"><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_en-us_topic_0152871986_li1495014334711">Contain 0 to 255 characters.</li><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_en-us_topic_0152871986_li542824417259">Allow digits, letters, hyphens (-), and dots (.) only.</li><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_en-us_topic_0152871986_li0305149152513">Cannot start with a hyphen or dot, or end with a hyphen.</li><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_en-us_topic_0152871986_li34281844132520">Allow a maximum of 63 characters between any two dots.</li></ul>
</div>
</div></div>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_row1058733161310"><td class="cellrowborder" valign="top" width="22.35%" headers="mcps1.3.2.2.2.3.1.1 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p1428325081817">LDAPS Port</p>
</td>
<td class="cellrowborder" valign="top" width="77.64999999999999%" headers="mcps1.3.2.2.2.3.1.2 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p13283150111810">Port number for the LDAP service.</p>
<p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p13283145012182">Value: an integer ranging from 1 to 65535</p>
<p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p128395019188">Default value: <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_b19283450181819">636</strong></p>
<div class="note" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_note3171571669"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p15247588619">The <span id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_ph14671535125917">BMC</span> supports LDAPS, but it does not support LDAP without SSL (port number: 389), so the LDAP server must have a trusted server certificate to prove its identity.</p>
</div></div>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_row258793181310"><td class="cellrowborder" valign="top" width="22.35%" headers="mcps1.3.2.2.2.3.1.1 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p2283125001817">Domain</p>
</td>
<td class="cellrowborder" valign="top" width="77.64999999999999%" headers="mcps1.3.2.2.2.3.1.2 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p20298135014186">User domain to which an LDAP user defined in the domain controller belongs.</p>
<div class="p" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p97181737134115">The domain name must meet the following requirements:<ul id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_ul6428194402513"><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_li1495014334711">Contain 0 to 255 characters.</li><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_li542824417259">Allow digits, letters, hyphens (-), and dots (.) only.</li><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_li0305149152513">Cannot start with a hyphen or dot, or end with a hyphen.</li><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_li34281844132520">Allow a maximum of 63 characters between any two dots.</li></ul>
</div>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_row165871030136"><td class="cellrowborder" valign="top" width="22.35%" headers="mcps1.3.2.2.2.3.1.1 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p14298195081818">Bind DN</p>
</td>
<td class="cellrowborder" valign="top" width="77.64999999999999%" headers="mcps1.3.2.2.2.3.1.2 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p14298185021811">Distinguished name (DN) of an LDAP proxy user.</p>
<p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p229815506184">For example, <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_b1029825011818">CN=username,OU=company,<span id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_ph4399613142420">O=organization,</span>DC=domain,DC=com</strong>, which must be the same as the DN set on the LDAP server.</p>
<p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p157313911265">Value range: a string of 255 bytes (64 to 255 characters). The specific length varies with the number of bytes of each character.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_row858823141316"><td class="cellrowborder" valign="top" width="22.35%" headers="mcps1.3.2.2.2.3.1.1 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p6298550101812">Bind Password</p>
</td>
<td class="cellrowborder" valign="top" width="77.64999999999999%" headers="mcps1.3.2.2.2.3.1.2 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p42981050181816">Authentication password for the LDAP proxy user.</p>
<p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p16753102725317">Value: a string of 1 to 20 characters, including digits, letters, and special characters</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_row858811341313"><td class="cellrowborder" valign="top" width="22.35%" headers="mcps1.3.2.2.2.3.1.1 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p122981350111811">User Folder</p>
</td>
<td class="cellrowborder" valign="top" width="77.64999999999999%" headers="mcps1.3.2.2.2.3.1.2 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p172524426214">Directory on the LDAP server of the LDAP user that can log in to the <span id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_ph214295451">BMC</span>.</p>
<p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p16882149142220">Format: "CN=xxx", "OU=xxx" or "O=xxx"</p>
<p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p850035914212">When there are multiple levels of nodes, the upper-level node follows the lower-level node with a comma in between.</p>
<p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p148831859626">For example, if the user <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_en-us_topic_0154046444_b1258213391205">infotest</strong> is in <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_en-us_topic_0154046444_b6314650191816">\testusers\part1</strong> on the LDAP server, enter <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_en-us_topic_0154046444_b1631485071816">OU=part1,OU=testusers</strong>.</p>
<div class="note" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_note1519162611259"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0154046444_p149600534414">For details about the differences between the CN, OU, and O, see the description of the LDAP protocol. Examples:</p>
<ul id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0154046444_ul1960185344113"><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0154046444_li5960155312418">In Windows AD, it is CN if <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0154046444_b11954136133315">Type</strong> is <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0154046444_b1395416673312">Container</strong>, or OU if <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0154046444_b12123203310">Type</strong> is <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0154046444_b12162312331">Organizational Unit.</strong></li><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0154046444_li16161418445">In OpenLDAP, it is O if <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0154046444_b43781641123515">objectClass</strong> is <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0154046444_b13314258123516">Organization</strong>.</li></ul>
</div></div>
<p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p13234195344515">Value range: a string of 255 bytes (64 to 255 characters). The specific length varies with the number of bytes of each character.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_row38161844102515"><td class="cellrowborder" valign="top" width="22.35%" headers="mcps1.3.2.2.2.3.1.1 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p33298504181">LDAP Certificate Verification</p>
</td>
<td class="cellrowborder" valign="top" width="77.64999999999999%" headers="mcps1.3.2.2.2.3.1.2 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p12329175061815">Certificate verification of the LDAP server, which can be enabled or disabled.</p>
<p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p2329135011810">Enable certificate verification for security purposes.</p>
<p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p6329155071812">After certificate verification is enabled, you need to import the LDAP CA certificate, install the AD, DNS, and CA certificate issuer on the LDAP server, and import the CA certificate into the LDAP server and <span id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_ph7399950182610">BMC</span>.</p>
<p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p3958112862719">Default value: <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_b19661055145811">Disabled</strong></p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_row2074016532256"><td class="cellrowborder" valign="top" width="22.35%" headers="mcps1.3.2.2.2.3.1.1 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p16329115016180">Certificate Verification Level</p>
</td>
<td class="cellrowborder" valign="top" width="77.64999999999999%" headers="mcps1.3.2.2.2.3.1.2 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p113291750181813">Level of the LDAP certificate verification.</p>
<ul id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_ul032995061813"><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_li203295508188"><strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_b1032925019182">Demand</strong>: Reject the access to the <span id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_ph157795362610">BMC</span> if the client certificate is incorrect or no certificate is available. For security purposes, use the default option (<strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_b1632985011181">Demand</strong>).</li><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_li133291550181819"><strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_b4345115015182">Allow</strong>: Allow the access to the <span id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_ph967512557269">BMC</span> even if the client certificate is incorrect or no certificate is available.</li></ul>
<p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p334585017185">Default value: <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_b4345185012186">Demand</strong></p>
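<p>Added example (not part of the original documentation and not BMC code): a Python pre-flight check that audits the TLS-related settings of one controller entry against the rules stated in this table (LDAPS port, FQDN server address when verification is enabled, domain-name syntax, verification switch and level). The dictionary keys and sample values are assumptions constructed for illustration.</p>

```python
"""Audit the TLS-related settings of one BMC LDAP controller entry (added example)."""
import ipaddress
import re

# Only digits, letters, hyphens and dots are allowed in a domain name.
_ALLOWED_CHARS = re.compile(r"[A-Za-z0-9.-]*")


def domain_name_errors(name):
    """Return the domain-name rules from the LDAP Server Address note that `name` breaks."""
    errors = []
    if len(name) > 255:
        errors.append("is longer than 255 characters")
    if not _ALLOWED_CHARS.fullmatch(name):
        errors.append("contains characters other than digits, letters, '-' and '.'")
    if name.startswith(("-", ".")):
        errors.append("starts with a hyphen or dot")
    if name.endswith("-"):
        errors.append("ends with a hyphen")
    if any(len(label) > 63 for label in name.split(".")):
        errors.append("has more than 63 characters between two dots")
    return errors


def is_ip_address(value):
    """True if `value` parses as an IPv4 or IPv6 literal."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def audit_controller(cfg):
    """Return (code, message) findings for one controller entry.

    `cfg` keys (hypothetical names, chosen for this example):
    address, port, cert_verification (bool), verification_level ("Demand" or "Allow").
    """
    findings = []
    address, port = cfg["address"], cfg["port"]

    if not isinstance(port, int) or port not in range(1, 65536):
        findings.append(("PORT_RANGE", "port must be an integer from 1 to 65535"))
    elif port == 389:
        findings.append(("PORT_389", "389 is LDAP without SSL, which the BMC does "
                         "not support; the LDAPS default is 636"))

    ip_literal = is_ip_address(address)
    if not ip_literal:
        for problem in domain_name_errors(address):
            findings.append(("ADDRESS_SYNTAX", f"server address {problem}"))

    if not cfg["cert_verification"]:
        # Disabled is the documented default, so a fresh entry always lands here.
        findings.append(("CERT_VERIFY_OFF", "certificate verification is disabled; "
                         "the BMC cannot confirm which server receives the bind "
                         "password and user logins"))
    else:
        if ip_literal or "." not in address.strip("."):
            findings.append(("ADDRESS_NOT_FQDN", "with verification enabled the "
                             "address must be the server FQDN (host name.domain name)"))
        if cfg["verification_level"] != "Demand":
            findings.append(("LEVEL_NOT_DEMAND", "level Allow grants access even if "
                             "the certificate is incorrect or missing"))
    return findings


# Constructed sample entries (documentation address range, made-up host name).
SAMPLES = {
    "controller1_defaults": {"address": "192.0.2.10", "port": 636,
                             "cert_verification": False,
                             "verification_level": "Demand"},
    "controller2_permissive": {"address": "192.0.2.10", "port": 389,
                               "cert_verification": True,
                               "verification_level": "Allow"},
    "controller3_hardened": {"address": "dc01.corp.example.com", "port": 636,
                             "cert_verification": True,
                             "verification_level": "Demand"},
}

if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        findings = audit_controller(cfg)
        print(name, "OK" if not findings else "")
        for code, message in findings:
            print(f"  [{code}] {message}")
```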
</td>
</tr>
<tr id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_row10589236138"><td class="cellrowborder" valign="top" width="22.35%" headers="mcps1.3.2.2.2.3.1.1 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p153454502185">LDAP Certificate</p>
</td>
<td class="cellrowborder" valign="top" width="77.64999999999999%" headers="mcps1.3.2.2.2.3.1.2 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871978_p13554327183817">Click <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_b4811639174016">Redirect</strong> to go to Certificate Management &gt; CA Certificates for subsequent operations.</p>
<div class="note" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_note104301937174217"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_ul2430173710420"><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_li18430737184213">If there are any changes made and not saved, a pop-up window will appear to confirm saving the current page. After confirmation and successful saving, the page will be redirected to the <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_b1318542914216">CA Certificates</strong> page.</li><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_li24306373426">The server certificate verification function is based on certificates that are trusted by <span id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_ph13430113774217">BMC</span> and managed as CA certificates. Each service can use any trusted CA certificate for server verification.</li></ul>
</div></div>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_row63939242910"><td class="cellrowborder" valign="top" width="22.35%" headers="mcps1.3.2.2.2.3.1.1 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p133621150161817">Login Password</p>
</td>
<td class="cellrowborder" valign="top" width="77.64999999999999%" headers="mcps1.3.2.2.2.3.1.2 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p8617636145712">Password of the user for logging in to the <span id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_ph10363200202715">BMC</span>.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_row18246477229"><td class="cellrowborder" colspan="2" valign="top" headers="mcps1.3.2.2.2.3.1.1 mcps1.3.2.2.2.3.1.2 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p9258155316227">LDAP User Group</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_row1959215361318"><td class="cellrowborder" valign="top" width="22.35%" headers="mcps1.3.2.2.2.3.1.1 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p1159210361311">Add Group</p>
</td>
<td class="cellrowborder" valign="top" width="77.64999999999999%" headers="mcps1.3.2.2.2.3.1.2 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p1271444010615">Adds an LDAP group.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_row1593113171312"><td class="cellrowborder" valign="top" width="22.35%" headers="mcps1.3.2.2.2.3.1.1 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p6376250161810">Group Name</p>
</td>
<td class="cellrowborder" valign="top" width="77.64999999999999%" headers="mcps1.3.2.2.2.3.1.2 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p839235017187">Name of the LDAP group to which an LDAP user belongs.</p>
<p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p18462111467">Value range: a string of 255 bytes (64 to 255 characters). The specific length varies with the number of bytes of each character.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_row83071310241"><td class="cellrowborder" valign="top" width="22.35%" headers="mcps1.3.2.2.2.3.1.1 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p23077314241">Role</p>
</td>
<td class="cellrowborder" valign="top" width="77.64999999999999%" headers="mcps1.3.2.2.2.3.1.2 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p1624152513214">Role assigned to an LDAP group.</p>
<ul id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_ul7265850122818"><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_en-us_topic_0154046442_li7971357182015"><strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_en-us_topic_0154046442_b19971157162020">Administrator</strong>: Users assigned the <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_en-us_topic_0154046442_b12971757132014">Administrator</strong> role can perform all operations.</li><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_en-us_topic_0154046442_li797165716209"><strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_en-us_topic_0154046442_b149866570206">Operator</strong>: Users assigned the <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_en-us_topic_0154046442_b149869572203">Operator</strong> role can perform basic management, remote control, remote media, and power control operations, query information, and configure their own data.</li><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_en-us_topic_0154046442_li13986145782014"><strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_en-us_topic_0154046442_b6986857172018">Common User</strong>: Users assigned the <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_en-us_topic_0154046442_b1898612576207">Common User</strong> role can query information and configure their own data.</li><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_en-us_topic_0154046442_li129860574204"><strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_en-us_topic_0154046442_b598675719201">Custom Role</strong>: Users assigned <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_en-us_topic_0154046442_b298613578203">Custom Role 1</strong> to <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_en-us_topic_0154046442_b0986057132013">Custom Role 4</strong> can perform the specified operations.</li></ul>
<div class="note" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_note322291122419"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_zh-cn_topic_0298044815_p16639181591912"><strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_b188601030441">Common User</strong> is the default user permission for a new LDAP user group.</p>
</div></div>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_row1563601262614"><td class="cellrowborder" valign="top" width="22.35%" headers="mcps1.3.2.2.2.3.1.1 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p640810503186">Login Interfaces</p>
</td>
<td class="cellrowborder" valign="top" width="77.64999999999999%" headers="mcps1.3.2.2.2.3.1.2 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p11408165061817">Interfaces through which the LDAP group members can log in to <span id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0269442969_ph1970530225">BMC</span>.</p>
<div class="p" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p9408175015185">Values:<ul id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_ul28778423311"><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_li108788428319"><strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_b488374212313">SSH</strong>: The user can use an SSH tool (such as PuTTY) to log in to the <span id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_ph13861711872">BMC</span> CLI.</li><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_li1860310910243"><span class="parmvalue" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_parmvalue432593217616"><b>Web</b></span>: The user can use a web browser to log in to the <span id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_ph1225183974">BMC</span> WebUI.</li><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_li59631801214"><span class="parmvalue" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_parmvalue119631013211"><b>Redfish</b></span>: The user can use a Redfish tool to log in to <span id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_ph18885131572815">BMC</span>.</li></ul>
</div>
<div class="note" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_note10453123252718"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_p245319322271">A new LDAP user group supports all login interfaces.</p>
</div></div>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_row938018211419"><td class="cellrowborder" valign="top" width="22.35%" headers="mcps1.3.2.2.2.3.1.1 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_p21331023145">Group Folder</p>
</td>
<td class="cellrowborder" valign="top" width="77.64999999999999%" headers="mcps1.3.2.2.2.3.1.2 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_p121332231745">Directory on the LDAP server of the LDAP group that can log in to the <span id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_ph513320231542">BMC</span>.</p>
<p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_p131330231849">Format: "CN=xxx", "OU=xxx" or "O=xxx"</p>
<p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_p181339231048">When there are multiple levels of nodes, the upper-level node follows the lower-level node with a comma in between.</p>
<p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_p1913352314416">For example, if the user <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_b161331023149">infotest</strong> is in <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_b3133823241">\testusers\part1</strong> on the LDAP server, enter <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_b101332231249">OU=part1,OU=testusers</strong>.</p>
<div class="note" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_note5813165715261"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_p56562812270">For details about the differences between the CN, OU, and O, see the description of the LDAP protocol. Examples:</p>
<ul id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_ul46564842713"><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_li76569813278">In Windows AD, it is CN if <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_b36561482278">Type</strong> is <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_b66560811270">Container</strong>, or OU if <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_b96562816278">Type</strong> is <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_b1465613818276">Organizational Unit</strong>.</li><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_li96566811278">In OpenLDAP, it is O if <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_b206562822711">objectClass</strong> is <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_b565612882719">Organization</strong>.</li></ul>
</div></div>
<p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_p513382313419">Value range: a string of 255 bytes (64 to 255 characters). The specific length varies with the number of bytes of each character.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_row7594103121310"><td class="cellrowborder" valign="top" width="22.35%" headers="mcps1.3.2.2.2.3.1.1 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_p5822495412">Login Rules</p>
</td>
<td class="cellrowborder" valign="top" width="77.64999999999999%" headers="mcps1.3.2.2.2.3.1.2 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_p2822494410">Login rules that apply to the LDAP group.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_row17294955119"><td class="cellrowborder" valign="top" width="22.35%" headers="mcps1.3.2.2.2.3.1.1 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p15592137135">Edit</p>
</td>
<td class="cellrowborder" valign="top" width="77.64999999999999%" headers="mcps1.3.2.2.2.3.1.2 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p17376750161810">Displays the region for configuring an existing LDAP group.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_row135661646185111"><td class="cellrowborder" valign="top" width="22.35%" headers="mcps1.3.2.2.2.3.1.1 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p1259210351311">Delete</p>
</td>
<td class="cellrowborder" valign="top" width="77.64999999999999%" headers="mcps1.3.2.2.2.3.1.2 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p20376150121816">Deletes an LDAP group.</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_section4973503396"><h4 class="sectiontitle">Enabling LDAP and Setting LDAP Controllers</h4><ol id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_ol2063319102397"><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_li963471012395"><span>Set <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_b10380642142217">LDAP </strong>to <span><img id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_image4684256141419" src="figure/en-us_image_0000001318424853.png"></span>.</span></li><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_li1363411101395"><span>Set LDAP controller parameters. For details about the parameters, see <a href="#EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_table2175183121311">Table 1</a>.</span></li><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_li663471014398"><span>Click <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_b11781128237">Save</strong>.</span><p><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p1017871282313">The message "Operation Successful" is displayed.</p>
</p></li></ol>
</div>
<div class="section" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_section1697714063911"><h4 class="sectiontitle">Adding an LDAP Group</h4><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p148822182255">You can add a maximum of five LDAP groups for the <span id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_ph14813113762816">BMC</span>.</p>
<ol id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_ol25021752499"><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_li19502175216920"><span>In the <span class="uicontrol" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_uicontrol196911614153717"><b>LDAP User Group</b></span> area, click <span class="uicontrol" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_uicontrol14472192043712"><b>Add Group</b></span>.</span><p><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p5381137112518">The page for adding an LDAP group is displayed.</p>
</p></li><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_li20392458122519"><span>Set the LDAP group parameters.</span><p>
<div class="tablenoborder"><a name="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_table1475019811017"></a><a name="en-us_topic_0000001251229037_en-us_topic_0152871986_table1475019811017"></a><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_table1475019811017" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Parameters for adding an LDAP group</caption><thead align="left"><tr id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_row16763088105"><th align="left" class="cellrowborder" valign="top" width="25%" id="mcps1.3.4.3.2.2.1.2.3.1.1"><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p05491750161815">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="75%" id="mcps1.3.4.3.2.2.1.2.3.1.2"><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p9549450131813">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_row4790589104"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.4.3.2.2.1.2.3.1.1 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p2054915016186">Group Name</p>
</td>
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.4.3.2.2.1.2.3.1.2 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p1654925014184">Name of the LDAP group to which an LDAP user belongs.</p>
<p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p1849294064610">Value range: a string of 255 bytes (64 to 255 characters). The specific length varies with the number of bytes of each character.</p>
<div class="note" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_note18218733161920"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_p17218133151911">The default home group of a new user in the AD domain cannot be used as a user group.</p>
</div></div>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_row1580578191015"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.4.3.2.2.1.2.3.1.1 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p1054945051812">Group Folder</p>
</td>
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.4.3.2.2.1.2.3.1.2 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p7701541152">Directory on the LDAP server of the LDAP group that can log in to the <span id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_ph6293131512718">BMC</span>.</p>
<p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p0544152262616">Format: "CN=xxx", "OU=xxx" or "O=xxx"</p>
<p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p1870341952">When there are multiple levels of nodes, the upper-level node follows the lower-level node with a comma in between.</p>
<p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p970046511">For example, if the user <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_b1136323102420">infotest</strong> is in <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_b193631031122419">\testusers\part1</strong> on the LDAP server, enter <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_b3363143162414">OU=part1,OU=testusers</strong>.</p>
<div class="note" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_note897051432817"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_p59426243287">For details about the differences between the CN, OU, and O, see the description of the LDAP protocol. Examples:</p>
<ul id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_ul199421524102819"><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_li59421024172810">In Windows AD, it is CN if <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_b18942192418285">Type</strong> is <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_b1194217243286">Container</strong>, or OU if <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_b2942424112819">Type</strong> is <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_b189421924202812">Organizational Unit</strong>.</li><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_li8942182412811">In OpenLDAP, it is O if <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_b14942112411287">objectClass</strong> is <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_b10942192472815">Organization</strong>.</li></ul>
</div></div>
<p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p3468419114614">Value range: a string of 255 bytes (64 to 255 characters). The specific length varies with the number of bytes of each character.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_row147581414518"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.4.3.2.2.1.2.3.1.1 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p1957905020180">Role</p>
</td>
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.4.3.2.2.1.2.3.1.2 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p657985021815">Role assigned to an LDAP group.</p>
<p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p0579185011817">Value: <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_b65791550171815">Administrator</strong>, <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_b3579350131813">Operator</strong>, <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_b5579195051816">Common user</strong>, or <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_b5579105041813">Custom Role</strong>.</p>
<div class="note" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_note089313528542"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0298044815_ul279441105712"><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0298044815_li17941511135718"><strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0298044815_b1900135019550">Common User</strong> is the default user permission for a new LDAP user group.</li><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0298044815_li14794111135715">If multiple groups are configured for an LDAP user, the user has the rights of multiple user groups. After the user logs in, the roles of these groups are displayed in the current user information window.</li></ul>
</div></div>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_row1483411861019"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.4.3.2.2.1.2.3.1.1 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p5579145081820">Login Rules</p>
</td>
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.4.3.2.2.1.2.3.1.2 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p35790502188">Login rules that apply to the LDAP group.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_row884316812106"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.4.3.2.2.1.2.3.1.1 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p45791550171813">Login Interfaces</p>
</td>
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.4.3.2.2.1.2.3.1.2 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p17579115013188">Interfaces through which the LDAP group members can log in to the <span id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_ph16315162010279">BMC</span>.</p>
<div class="p" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p16595125001810">Values:<ul id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_en-us_topic_0152871986_ul28778423311"><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_en-us_topic_0152871986_li108788428319"><strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_en-us_topic_0152871986_b488374212313">SSH</strong>: The user can use an SSH tool (such as PuTTY) to log in to the <span id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_ph1196717227277">BMC</span> CLI.</li><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_en-us_topic_0152871986_li1860310910243"><span class="parmvalue" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_en-us_topic_0152871986_parmvalue432593217616"><b>Web</b></span>: The user can use a web browser to log in to the <span id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_ph758352514275">BMC</span> WebUI.</li><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_en-us_topic_0152871986_li59631801214"><span class="parmvalue" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_en-us_topic_0152871986_parmvalue119631013211"><b>Redfish</b></span>: The user can use a Redfish tool to log in to the <span id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_ph84111828132717">BMC</span>.</li></ul>
</div>
<div class="note" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_note6276152217560"><span class="notetitle"> NOTE: </span><div class="notebody">
  <ul>
    <li>A new LDAP user group supports all login interfaces.</li>
    <li>If login interfaces are restricted for an LDAP group, members of that group cannot log in through the restricted interfaces.</li></ul>
</div></div>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_row2711201617519"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.4.3.2.2.1.2.3.1.1 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p15951850181817">Login Password</p>
</td>
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.4.3.2.2.1.2.3.1.2 "><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p181605595712">Password of the user for logging in to the <span id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_ph5933430182714">BMC</span>.</p>
</td>
</tr>
</tbody>
</table>
</div>
</p></li></ol><ol start="3" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_ol6236112118104"><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_li62371421121012"><span>Click <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_b1429715182719">Save</strong>.</span><p><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p14429181514272">Information about the new LDAP group is displayed in the LDAP group list.</p>
</p></li></ol>
</div>
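<p>The Group Folder format, the 255-byte limits, the five-group maximum and the all-interfaces default described in the tables above can be checked before the values are entered in the WebUI. The following Python is an added example, not BMC or vendor code; the function names, the dictionary layout, the reading of the limit as at most 255 UTF-8 bytes, and the sample groups are assumptions made for illustration.</p>

```python
import re

# Values taken from the parameter tables on this page.
RDN_TYPES = {"CN", "OU", "O"}
ROLES = {"administrator", "operator", "common user", "custom role"}
INTERFACES = {"SSH", "Web", "Redfish"}
MAX_GROUPS = 5
MAX_BYTES = 255  # assumption: the limit is counted in UTF-8 bytes


def path_to_group_folder(path, rdn_type="OU"):
    """Convert a top-down path such as \\testusers\\part1 to lower-level-first form."""
    parts = [p for p in re.split(r"[\\/]", path) if p]
    return ",".join(f"{rdn_type}={p}" for p in reversed(parts))


def check_group_folder(folder):
    """Return a list of problems with a Group Folder string (empty list = OK)."""
    problems = []
    if not folder:
        return problems  # the page does not say whether the field may be empty
    if len(folder.encode("utf-8")) > MAX_BYTES:
        problems.append("Group Folder is longer than 255 bytes")
    for rdn in re.split(r"(?<!\\),", folder):  # split on unescaped commas only
        key, sep, value = rdn.partition("=")
        if not sep or key.strip().upper() not in RDN_TYPES or not value.strip():
            problems.append(f"component {rdn.strip()!r} is not CN=, OU= or O=")
    return problems


def review_groups(groups):
    """Check a planned LDAP group list; return human-readable findings."""
    findings = []
    if len(groups) > MAX_GROUPS:
        findings.append(f"{len(groups)} groups planned, maximum is {MAX_GROUPS}")
    for g in groups:
        name, ifaces = g["name"], set(g["interfaces"])
        if not name or len(name.encode("utf-8")) > MAX_BYTES:
            findings.append(f"{name!r}: Group Name must be 1 to 255 bytes")
        findings += [f"{name}: {p}" for p in check_group_folder(g["folder"])]
        if g["role"].lower() not in ROLES:
            findings.append(f"{name}: unknown role {g['role']!r}")
        if ifaces - INTERFACES:
            findings.append(f"{name}: unknown interface {sorted(ifaces - INTERFACES)}")
        # New groups get every interface, so an untouched Administrator group
        # is reachable over SSH, Web and Redfish at once.
        if g["role"].lower() == "administrator" and ifaces == INTERFACES:
            findings.append(f"{name}: Administrator on all login interfaces")
    return findings


# Constructed sample input (not from the page).
SAMPLE_GROUPS = [
    {"name": "bmc-admins", "folder": "OU=part1,OU=testusers",
     "role": "Administrator", "interfaces": ["SSH", "Web", "Redfish"]},
    {"name": "bmc-ops", "folder": "DC=example,OU=testusers",
     "role": "Operator", "interfaces": ["Web"]},
    {"name": "bmc-view", "folder": path_to_group_folder(r"\testusers\part1"),
     "role": "Common user", "interfaces": ["Web"]},
]

if __name__ == "__main__":
    for line in review_groups(SAMPLE_GROUPS):
        print(line)
```

<p>A finding for an Administrator group on all login interfaces is a prompt to restrict <strong>Login Interfaces</strong> to the ones that group actually uses.</p>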
<div class="section" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_section297710013910"><h4 class="sectiontitle">Deleting an LDAP Group</h4><ol id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_ol103101036201017"><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_li23101736181013"><span>In the LDAP group area, click <span class="uicontrol" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_uicontrol1087563813313"><b>Delete</b></span> for the LDAP group to be deleted.</span><p><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p316819219286">A dialog box is displayed, prompting you to enter the current user password.</p>
</p></li><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_li11310836161012"><span>Enter the current user password.</span></li><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_li123642011363"><span>Click <span class="uicontrol" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_uicontrol660119247542"><b>OK</b></span>.</span><p><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p19545595549">The message "Operation Successful" is displayed.</p>
</p></li></ol>
</div>
<div class="section" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_section159787014392"><h4 class="sectiontitle">Editing an LDAP Group</h4><ol id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_ol15815184317106"><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_li981510436107"><span>In the LDAP group area, click <span class="uicontrol" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_uicontrol373919291742"><b>Edit</b></span> for the LDAP group to be edited.</span></li><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_li10182942914"><span>Enter the current user password and modify the LDAP group parameters. For details about the parameters, see <a href="#EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_table1475019811017">Table 2</a>.</span></li><li id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_li8815164318103"><span>Click <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_b1232892542916">Save</strong>.</span><p><div class="note" id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_note8189812132713"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_p9189171242719">After LDAP group information is modified or an LDAP group is deleted, users who are already logged in to the KVM are not automatically logged out. To end these KVM sessions, go to the <strong id="EN-US_TOPIC_0000001206636940__en-us_topic_0000001251229037_en-us_topic_0152871986_b181131922709">Online Users</strong> page and log out the users.</p>
</div></div>
</p></li></ol>
</div>
</div>
<div></div>

</body>
</html>